Security Operations Center to Monitor DMV IT Systems

The California Department of Motor Vehicles is building an in-house Security Operations Center (SOC) to detect and thwart cyberattacks directed to its network and information systems, an acknowledgment that DMV's data is a prime target for hackers.

DMV staff are finishing the center's physical location, developing operating principles and policy, and establishing roles and responsibilities for the SOC personnel. The SOC is operating now, and the department expects it will be completed in June 2016.

The DMV believes its Security Operations Center might be the first of its kind in California state government, although similar approaches have been implemented in the federal government and private sector. The Security Operations Center is an important step for cybersecurity and the fight against cyberattacks, said Artemio Armenta, spokesperson for the California DMV.

"Given the amount of information and personal identifiable information (PII) data that we store, we are being proactive to help protect and ensure that hackers and intrusions do not get into our systems. Having a Security Operations Center positions the California DMV to aggressively monitor and respond to cyberattacks and reduce system vulnerabilities that could severely affect the integrity of data and personal information we protect," Armenta said.

About 16 personnel will staff the SOC when it's fully operational; DMV is currently recruiting for five positions. The DMV has secured approximately $5.1 million in funding for the SOC through 2017-18. The budget will cover staffing, training, facilities, tools and other startup costs.

DMV explained how its real-time, 24/7 threat monitoring, analysis and response will operate in a detailed written response to Techwire:

The SOC will take a multi-prong approach to securing DMV’s information assets. The SOC will receive information from our various security, logging, and computer systems and will perform analysis on those input streams, seeking anomalies and aberrant trends. The Security Analysts will conduct in-depth review of interesting activity to determine the validity of the activity, and handle accordingly. The SOC will also take a proactive approach to securing the DMV environment by analyzing existing security systems and protocols to ensure compliance with DMV policy, best practice, and external control requirements. SOC personnel will actively validate the efficacy of DMV’s security systems through application of the various tools available to SOC personnel. SOC personnel will have access to security and threat information from various external systems to assist in event correlation, as well as a wide view into DMV systems. The goal of implementing the SOC in this fashion is to establish a single-function unit with a logical view into DMV’s information assets, to build an end-to-end (internal to external) view of DMV’s information systems, so as to provide a real-time view of potential exploit of DMV assets, and address accordingly.

The California Department of Technology and its information security office are aware of the DMV's SOC, according to information DMV provided to Techwire. "Strategic discussions are planned with both agencies to ensure that the DMV SOC integrates into statewide security initiatives. The DMV recognizes the need for information sharing with respect to cybersecurity and is endeavoring to build in appropriate avenues for sharing information as necessary to secure the information assets of DMV and the state," the DMV explained.

Vendors also are providing security products that are being integrated into the SOC, although the DMV said it would not divulge which companies and solutions are in the SOC. Traditional IT procurement processes are being used, DMV added.

In an interview earlier this month, DMV Director Jean Shiomoto said the SOC is like being in a control room with an array of big-screen TVs, and the staff are being trained on what to look for and how to escalate a security issue.

DMV Deputy Director Bernard Soriano added that the SOC will be a "huge" development.

"We have information about you — and information about basically all Californians, and we take our responsibility to secure that data very seriously," Soriano said.

Matt Williams was Managing Editor of Techwire from June 2014 through May 2017.